Skip to content

Domain Name Privacy

An important piece of internet privacy is under attack, and I’m asking for help protecting it. The EFF explains it well, but short version: every domain (the part of a web address that comes after “www” and includes something like “.org” or “.com” — in the case of this blog, “sheldon-hess.org” is the domain) is registered to a person or by a company. As part of that registration, the entity’s physical address is recorded. By default, that address is available when someone looks up information about the domain, using a service called “WHOIS,” but it has become a fairly common practice to allow domain registrars (the companies that lease domains) to anonymize that information.

As a woman with opinions on the internet, you bet I avail myself of this service. Here’s the WHOIS on this domain (also visible in the banner of this post). The WHOIS on my other four domains look much the same.

ICANN, the organization that makes policies around WHOIS (and domain names in general), is considering removing this option for websites deemed “commercial” — which could be construed as including any site that uses ads or talks about consulting services. (Like this one.) A lot of really important sites’ owners would suddenly lose this protection, all because the entertainment industry wants to have an easier time suing people.

If you don’t own any domains, or even if you do, I’m hoping you’ll take a minute to write to ICANN. I put a sample letter, similar to (but different from) the one I sent, below; modify it until you like it, and send it along, please. Also, please consider signing this petition, hosted at SaveDomainPrivacy.org.

If you do have a domain registered, will you please also ask your host/registrar to fight for anonymity? I offer a sample letter, much like the one I sent DreamHost, below.

A sample letter to send to ICANN

This should be sent to comments-ppsai-initial-05may15@icann.org

Anonymized WHOIS is a very important first step in the fight to protect free speech online, especially for marginalized voices. GamerGate and other online hate groups target people people whom they disagree with and whose addresses they are able to find. This article is a good primer on the kind of damage they do: http://feministing.com/2015/01/16/things-have-happened-in-the-past-week-on-doxing-swatting-and-8chan/

Because “commercial” has been construed so broadly, in the past, preventing registrars from anonymizing WHOIS data would put the owners of many valuable and informative websites at risk.

While I understand that the entertainment industry wants to increase individual liability for unauthorized distribution of their property, the threat to domain owners and the chilling effect this would have on free speech cannot be overlooked.

A sample letter to send to your domain registrar or web host

One of the things I like very best about [your hosting service] is the private domain name registrations that you offer. Anonymized WHOIS is a very important first step in the fight to protect free speech online, especially for marginalized voices. You might be aware of GamerGate and other online hate groups and the real damage they do to people whose addresses they are able to find. If not, this is a good primer: http://feministing.com/2015/01/16/things-have-happened-in-the-past-week-on-doxing-swatting-and-8chan/

The ability anonymize WHOIS data is under attack, now, and I would like to know what [your company] is doing to help keep this important safety option available. https://www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy

DreamHost’s response

I completely understand your concern about this, and will address the issue as candidly as I can. DreamHost has no official position with regard to this matter, but we have not abandoned our commitment to freedom of speech, and the avoidance of chilling effects on that speech, with regard to anonymous speech on the web.

As an ICANN accredited registrar, we are bound by whatever rules ICANN puts in place, and are closely watching this development. To the degree we are able we will lobby to keep the current policy in place.

That said, while I am an avid supporter of the EFF (and a monthly contributor), they were less than completely accurate in that post with regard to the facts of the current situation. All ICANN registrars are bound by section 3.7.7.3 of the ICANN Registrar Accreditation Agreement (see https://www.icann.org/resources/pages/ra-agreement-2009-05-21-en#3.7.7.3 and https://www.icann.org/en/system/files/newsletters/draft-advisory-raa-3773-14may10-en.pdf). As a practical matter, this effectively requires all ICANN Accredited Registrars to release to any third party (not just law enforcement or attorneys) identifying data for registrants upon receipt of “reasonable evidence of actionable harm”, and does not require a court order or subpoena. We address this in our Privacy Policy”.

For this reason, while Whois Privacy does provide some protection from casual trolls or Internet miscreants, it is naive to assume that any registrant’s actual identifying data is truly private in the face of an articulated claim of wrongdoing supported by any reasonable evidence.

For most our customers, the current reality is that the degree of privacy afforded by Whois Privacy Services is of value, but it should not be considered a general protection against being identified as the registrant of a domain.

Published indiversitygenderprivacytechnology

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *